Subject: DIGEST-MD5 HTTP Authentication
Author: authen
Posted on: 08/07/2006 01:09:46 AM
Here is a practical DIGEST-MD5 authentication example via HTTP
Client: MS Internet Explorer 6.0
Server: MS IIS v6
1. client --> server
GET / HTTP/1.1\r\n
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*\r\n
Accept-Language: en-us\r\n
Accept-Encoding: gzip, deflate\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q3161)\r\n
Host: myIIS.mydomain.com\r\n
Connection: Keep-Alive\r\n
\r\n
HTTP/1.1 401 Unauthorized\r\n
Content-Length: 1656\r\n
Content-Type: text/html\r\n
Server: Microsoft-IIS/6.0\r\n
WWW-Authenticate: Digest
qop="auth",
algorithm=MD5-sess,
nonce="aee0d97ee79ac601862ccc29bba6...",
charset=utf-8,
realm="mydomain.com"\r\n
X-Powered-By: ASP.NET\r\n
\r\n
GET / HTTP/1.1\r\n
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*\r\n
Accept-Language: en-us\r\n
Accept-Encoding: gzip, deflate\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q3161)\r\n
Host: myIIS.mydomain.com\r\n
Connection: Keep-Alive\r\n
Authorization: Digest
username="md5user2",
realm="na.radiantlogic.com",
qop="auth",
algorithm="MD5-sess",
uri="/",
nonce="aee0d97ee79ac601862ccc29ba8ca94bbe5934d17b3c6b...",
nc=00000001,
cnonce="6aae3d3a94027
\r\n
HTTP/1.1 401 Unauthorized\r\n
Content-Length: 1539\r\n
Content-Type: text/html\r\n
Server: Microsoft-IIS/6.0\r\n
WWW-Authenticate: Digest
qop="auth",
algorithm=MD5-sess,
nonce="5290fe8de79ac601dd707dc033a21292949c3354d214cdac7efc...",
charset=utf-8,
realm="mydomain.com"\r\n
X-Powered-By: ASP.NET\r\n
\r\n
References:
